8. Insider Threats
Insider threats refer to those who already have access to your cloud network. As the name itself reveals – the threats come from inside. They involve malicious or negligent actions by (ex) employees, contractors, vendors, or anyone with authorised, active, and authentic access to your cloud environment, who often seek revenge.
It can also be users who ignore the cloud security rules you’ve put in place to protect your cloud assets and data. Think about employees sharing files that shouldn’t be shared outside the company network, or giving access to other when they shouldn’t. Start by managing how people within your immediate circle use it, and implementing strict access controls and monitoring user activities can help mitigate the associated risks.
9. Shadow IT
You can't protect what you can't see, which rings true for cloud security. Shadow IT is any information technology employees use without IT knowledge or approval. This includes peer-to-peer collaboration tools, messaging apps, personal laptops, phones, or tablets. The rapid migration to cloud services and increasing remote working have made Shadow IT a prevalent issue, exposing organisations to security hazards.
10. Advanced Persistent Threats (APTs)
APTs are a significant threat to the cloud. APTs are stealthy, long-term cyber-attacks by skilled attackers or teams that aim to get continuous access to a network to steal sensitive data. These elite hackers get into systems, establish a hidden foothold and gradually exfiltrate data, often staying undetected till it’s too late. They use tactics like ransomware, extortion, zero-day exploits, phishing, credential theft, wiper attacks and supply chain compromises.
Not addressing APTs in cloud services can lead to weak security, data loss, operational disruption, financial penalties and reputational damage – all of which can fatally impact business continuity and customer trust. So, get prepared for the worst before it happens.
Cloud Security Challenges
11. Skill Gap
There aren’t enough cloud security people. The IBM Data Breach Report shows that over half of the breached organisations lacked security staff: highlighting the importance of having in-house security professionals equipped with internal knowledge to be a crucial factor for protecting your cloud assets. Usually there is a lack of awareness or a lack of competence on cloud security behind every major data breach.
We cannot treat modern cloud security like taking what’s working on-prem and copying and pasting it to the cloud. It requires a whole new mindset, a multi-layered and defence-in-depth approach, where we ideally tackle security as early in the software development lifecycle, better known as “shifting left”.
12. Not Understanding Shared Responsibility
Many organisations assume that migrating on-prem or legacy applications to the cloud means the cloud provider takes complete care of your security, but this is a myth.
Cloud computing does not automatically ensure security controls and privacy. As the word itself reveals, the responsibility in the cloud becomes a shared one between you (as customer) and the cloud provider (e.g. Microsoft Azure).
The exact responsibilities you have depend on which cloud computing model you adopt: Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), or Infrastructure-as-a-Service (IaaS). You can see the responsibilities per model compared to on-prem here below:

13. Increased Complexity (Multi-Cloud environments)
When we talk security, it would be best if your business operated in just one cloud provider platform. However, most operate in multi-cloud environments: 39% use a hybrid cloud and 33% a multi-cloud strategy to enhance scalability, access diverse services, etc. The problem is that these environments are often scattered globally, potentially with different teams taking ownership of different cloud platforms, making security a major challenge. It also increases the knowledge required to administrate, maintain, and configure with consistency. It leads to a lack of visibility, which is up next.
14. Limited visibility and observability
A lack of cloud visibility poses a significant cloud security threat, especially since customers don’t own the underlying infrastructure. This lack of control increases cloud computing risks, making detecting and responding to threats harder. Fortinet's 2022 Cybersecurity Insiders Report identified lack of visibility (49%) as a key limitation to cloud adoption.
A major challenge is the sheer volume of data (login attempts, system logs, application events, etc.). Sorting through this data to identify potential security threats is an overwhelming task. This is where AI-driven solutions are proving essential, helping filter through massive datasets, detect anomalies, and identify compromised systems. With AI-powered 360-degree monitoring, organisations can enhance visibility, detect security risks faster, and better manage cloud security. This is one of the cloud security trends forming in 2024 and is expected to become more critical in 2025.